CVE-2019-9798
Last modified
CVE-2019-9798 is a vulnerability of currently unknown severity. On Android systems, Firefox can load a library from APITRACE_LIB, which is writable by all users and applications. This could allow malicious third party applications to execute a man-in-the-middle attack if a malicious code was written to that location and loaded. EPSS estimates a 0.91% chance of exploitation in the next 30 days.
Description
On Android systems, Firefox can load a library from APITRACE_LIB, which is writable by all users and applications. This could allow malicious third party applications to execute a man-in-the-middle attack if a malicious code was written to that location and loaded. *Note: This issue only affects Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 66.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Firefox | < 66.0 |
References
- https://bugzilla.mozilla.org/show_bug.cgi?id=1527534Issue Tracking, Permissions Required, Vendor Advisory
- https://www.mozilla.org/security/advisories/mfsa2019-07/Vendor Advisory
- https://bugzilla.mozilla.org/show_bug.cgi?id=1527534Issue Tracking, Permissions Required, Vendor Advisory
- https://www.mozilla.org/security/advisories/mfsa2019-07/Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2019-9798?
How severe is CVE-2019-9798?
How do I fix CVE-2019-9798?
Are you affected by CVE-2019-9798?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST